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REPLY BRIEF UNDER 37 CFR 41.4Ua)m 

Mail Stop Board of Patent Appeals and interferences 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Sir: 

In response to the Examiner's Answer dated April 18, 2007, applicant replies 

as follows: 

REAL PARTY IN INTEREST 

The real party in interest is Hewlett-Packard Development Company, LP, a 
limited partnership established under the laws of the State of Texas and having a principal 
place of business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter "HPDC"). 
HPDC is a Texas limited partnership and is a wholly-owned affiliate of Hewlett-Packard 
Company, a Delaware Corporation, headquartered in Palo Alto, CA. The general or 
managing partner of HPDC is HPQ Holdings, LLC. 

RELATED APPEALS AND INTERFERENCES 


Inventors: 
Serial No. 
Filed: 
For: 


Applicant's Representative has not identified, and does not know of, any other 


appeals of interferences which will directly affect or be directly affected by or have a bearing 
on the Board's decision in the pending appeal. 

STATUS OF CLAIMS 

Claims 1-10 are pending in the application. Claims were finally rejected in the 
Office Action dated February 28, 2005. Applicant's appeal the final rejection of claims 1-10, 
which are copied in the attached CLAIMS APPENDIX. 

STATUS OF AMENDMENTS 
The last Response was filed September 7, 2004. 

SUMMARY OF CLAIMED SUBJECT MATTER 

The current application is directed towards a method for securing control- 
device-logical-unit ("CDLUN") operations within a disk-array controller (206 in Figure 2), or 
in other mass-storage-device controllers, invoked by remote host computers. As explained in 
the current application in the two paragraphs beginning on line 27 of page 4, a CDLUN is 
essentially a type of virtual LUN provided by a mass-storage controller to allow remote, host 
computers to invoke controller functionality involving multiple LUNs. As explained in the 
current application, beginning on line 16 of page 3, a LUN, or logical unit, represents some 
portion of the storage capabilities of a mass-storage-device, and a disk-array controller, or 
other mass-storage-device controller, provides LUNs (208-215 in Figure 2) as interfaces to 
the various portions, or partitions, of mass-storage space (203-205 in Figure 2) within a mass- 
storage device (202 in Figure 2). Certain operations, such as LUN mirroring, involve 
multiple LUNs. The CDLUN was devised as a target for addressing requests by remote host 
computers to a mass-storage-device controller for multi-LUN, or multi-partition, operations, 
such as a request to mirror one LUN to a different LUN, and for other mass-storage-device 
controller operations. 

Although CDLUNs serve admirably in the capacity intended, an additional 
problem was subsequently discovered. In general, access to individual LUNs, and to 
operations carried out with respect to individual LUNs, is controlled by various security 
mechanisms. For example, a remote host computer storing sensitive data on a particular 
LUN of a disk array generally arranges for the LUN storing sensitive data to be at least write- 
protected, and often both read-protected and write-protected, so that only the remote host 


computer, and no other remote host computer, can access the sensitive data. These security 
mechanisms are easily extended to CDLUNs. Thus, for example, only authorized remote 
host computers can request mirroring operations through a particular CDLUN. However, 
these security mechanisms have proven to be inadequate to prevent unauthorized access to 
individual LUNs as a result of multi-LUN operations requested through CDLUNs. For 
example, although remote host computer A may have neither read nor write access to LUN 
X, remote host computer A may still alter the contents of LUN X by, for example, requesting 
that LUN Y be mirrored to LUN X by sending a multi-LUN request to a CDLUN to which 
remote host computer A is authorized to send multi-LUN requests. Embodiments of the 
present invention address this potential security and access problem, and other related 
problems. 

Independent claim 1 and dependent claims 2-5 that depend from claim 1 claim 
a method for authorizing access by remote entities to logical units provided by a mass storage 
device. The method includes steps of: (1) providing an access table that includes entries that 
each represents authorization of a particular remote entity to access a particular logical unit; 

(2) providing a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

(3) when a remote entity requests execution of an operation directed to a specified control 
device logical unit and involving one or more additional specified logical units, authorizing 
the request for execution of the operation only when an entry currently exists in the access 
table that represents authorization of the remote entity to access the specified control device 
logical unit and, for each of the one or more additional specified logical units, an entry exists 
in the supplemental access table that represents authorization of the specified control device 
logical unit to access the additional specified logical unit. 

Independent claim 6 and dependent claims 7-10 that depend from claim 6 
claim an authorization system for authorizing access by remote entities to logical units 
provided by a mass storage device. The claimed authorization system includes: (1) a request 
detecting component that detects requests for execution of an operation generated by a 
remote entity; (2) an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; (3) a supplemental access table that 
includes entries that each represents authorization of a particular control device logical unit to 
access a particular logical unit; and (4) control logic that authorizes a request made by a 
remote entity, detected by the request detecting component, directed to a specified control 
device logical unit and involving one or more additional specified logical units only when an 


entry exists in the access table that represents authorization of the remote entity to access the 
specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Whether the 35 U.S.C. § 102(e) rejections of claims 1-10 as being anticipated by Ito 
et al., U.S. Patent No. 6,684,209 represent a reasonable and substantial new ground for 
rejection that would supplement or eclipse the issues already identified in the Appeal 
originally filed by Applicants on July 28, 2005. 

ARGUMENT 

Claims 1-10 are currently pending in the application. In the Examinees 
Answer, dated April 18, 2007, the Examiner withdrew the 35 U.S.C. § 112, second 
paragraph, rejections of claims 1, 2, 4-5, 7, and 9-10 and the 35 U.S.C. § 103(a) rejections of 
claims 1-2, 4, 6-7, and 9 under 35 U.S.C. § 103(a) as being obvious over Tulloch, 
"Administering Internet Information Server 4," New York, McGraw-Hill Professional, 1998, 
ISBN: 0072128232 ("Tulloch") in view of "Microsoft Windows NT Server, Resource 
Guide," Microsoft Press, 1996, ISBN: 1,57231,344,7 ("Windows NT"), while maintaining 
the 35 U.S.C. § 102(e) rejections of claims 1-10 as being anticipated by Ito et al., U.S. Patent 
No. 6,684,209 ("Ito"). Applicants' representative respectfully and gratefully acknowledges 
the withdrawal of the 35 U.S.C. § 112, second paragraph, and 35 U.S.C. § 103(a) rejections, 
and respectfully traverses the 35 U.S.C. § 102(e) rejections of claims 1-10. 

ISSUE 1 

1. Whether the 35 U.S.C. § 102(e) rejections of claims 1-10 as being anticipated by Ito 
et al., U.S. Patent No. 6,684,209 represent a reasonable and substantial new ground for 
rejection that would supplement or eclipse the issues already identified in the Appeal 
originally filed by Applicants on July 28, 2005. 


claims: 


Claims 1-10 of the current application include the following two independent 


1. A method for authorizing access by remote entities to logical 
units provided by a mass storage device comprising: 

providing an access table that includes entries that each 
represents authorization of a particular remote entity to access a particular 
logical unit; 

providing a supplemental access table that includes entries that 
each represents authorization of a particular control device logical unit to 
access a particular logical unit; and 

when a remote entity requests execution of an operation 
directed to a specified control device logical unit and involving one or more 
additional specified logical units, 

authorizing the request for execution of the operation 
only when an entry currently exists in the access table that represents 
authorization of the remote entity to access the specified control device logical 
unit and, for each of the one or more additional specified logical units, an 
entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified 
logical unit, (emphasis added) 

6. An authorization system for authorizing access by remote 
entities to logical units provided by a mass storage device comprising: 

a request detecting component that detects requests for 
execution of an operation generated by a remote entity; 

an access table that includes entries that each represents 
authorization of a particular remote entity to access a particular logical unit; 

a supplemental access table that includes entries that each 
represents authorization of a particular control device logical unit to access a 
particular logical unit; and 

control logic that authorizes a request made by a remote entity, 
detected by the request detecting component, directed to a specified control 
device logical unit and involving one or more additional specified logical 
units only when an entry exists in the access table that represents authorization 
of the remote entity to access the specified control device logical unit and, for 
each of the one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the specified control 
device logical unit to access the additional specified logical unit, (emphasis 
* added) 

Both claims 1 and 6 include much common language, with claim 1 directed to 
a method for authorizing access to logical units provided by a mass-storage device and claim 
6 directed to an authorization system for authorizing access to logical units provided by a 
mass-storage device. In the interest of brevity, the following discussion is focused on claim 
1, since almost identical arguments would otherwise be offered independently for claims 1 
and 6. 

The first element of claim 1 provides "an access table that includes entries that 


each represents authorization of a particular remote entity to access a particular logical unit." 


In other words, each entry of the access table represents authorization of a particular remote, 
host computer to access a particular logical unit provided by the mass-storage device. 
Implementation of the access table can be seen in the pseudocode class declarations on lines 
1-32 of the pseudocode provided on page 13 of the current application. Each access-table 
entry includes: (1) In, a numeric representation of a logical-unit number ("LUN"), declared on 
line 4 of the pseudocode; (2) pi, a numeric indication of a particular port within the mass- 
storage device, declared on line 5 of the pseudocode; and (3) sv, a numeric indication of 
remote host computer, declared on line 6 of the pseudocode. An access-table entry specifies 
that a particular remote entity, sv, can access LUN In through port pt, as discussed in the 
paragraph beginning on line 7 of page 6 in the current application. 

The second element of claim 1 provides "a supplemental access table that 
includes entries that each represents authorization of a particular control device logical unit 
("CDLUN") to access a particular logical unit. A pseudocode implementation of the 
supplemental access table is shown in lines 1-29 of the pseudocode provided on page 22 of 
the current application. Each entry of the supplemental-access table includes two fields: (1) 
In, a numeric representation of a LUN declared on line 4 of the pseudocode; and (2) cd, a 
numeric representation of a CDLUN, declared on line 5 of the pseudocode. Presence of an 
entry in the supplemental access table indicates that the CDLUN specified in the entry can 
access the LUN specified in the entry, as discussed on lines 40-42 of page 22, below the 
pseudocode, and elsewhere in the current application. 

The third element of claim 1 specifies that, "when a remote entity requests 
execution of an operation directed to a specified control device logical unit and involving one 
or more additional specified logical units," then the request for execution of the operation is 
authorized "only when an entry currently exists in the access table that represents 
authorization of the remote entity to access the specified control device logical unit and, for 
each of the one or more additional specified logical units, an entry exists in the supplemental 
access table that represents authorization of the specified control device logical unit to access 
the additional specified logical unit." In other words, when a host computer directs an 
operation to a CDLUN, a special type of LUN, discussed below, that represents an operation 
carried out by a disk array, rather than a portion of a physical logical unit, then an entry must 
be found in the access table that authorizes the host computer to access the CDLUN, and, in 
addition, an entry must also be found in the supplemental access table for each logical unit 
involved in the operation represented by the CDLUN that authorizes the CDLUN to access 
each of the logical units. For example, were a host computer (sv = 10) to direct an operation 


represented by CDLUN 5 (cd=5) that involves LUNS 1, 2, and 3 (In = {1, 2, 3}) to a disk 
array through port 7 (pt = 7), then, according to claim 1, the operation would be authorized 
only in the case that an entry in the access table exists with field values {In = 5, pt = 7, sv = 
10} and three entries exist in the supplemental access table with field values {In = 1, cd = 5}, 
{ In = 2, cd = 5}, { In = 3, cd= 5}. The access table authorizes access by the host computer 
to the CDLUN, and the supplemental access table authorizes access, by the CDLUN, to each 
of the additional specified logical units 1, 2, and 3. The access table authorizes host 
computers to access mass-storage-device-provided LUNs, and the supplemental access table 
authorizes mass-storage-device-provided CDLUNs to access particular mass-storage-device- 
provided LUNs. 

Appellant's representative agrees with the Examiner's statement in the final 

paragraph of page 3. Ito does indeed teach a storage subsystem with ports through which the 

storage subsystem communicates with host computers. Ito does indeed teach a M LUN access 

management table," each entry of which specifies a host-computer port name, a LUN, and a 

synonym or alias for the LUN, referred to by Ito as a "virtual LUN." Appellant's 

representative agrees with the middle paragraph of page 4 of the Examiner's Answer, in 

which the Examiner describes authorization of a host computer to access a particular LUN 

based on Ito's "LUN Access Management Table." However, Appellants' representative 

emphatically disagrees with the Examiner's first, conclusory paragraph on page 4 of the 

Examiner's Answer, in which the Examiner states: 

This reads on an access table that includes entries that each represents 
authorization of a particular remote entity to access a particular logical unit 
and a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular 
logical unit. 

The above-quoted conclusory paragraph does not follow from anything in Ito 
or even from the Examiner's summary of Ito in the last paragraph of page 3 of the Examiner's 
Answer and in the middle paragraph of page 4 of the Examiner's Answer. Ito describes a 
single "LUN Access Management Table" with entries that each authorize a port of a host 
computer to access a single LUN provided by Ito's storage subsystem. In other words, Ito's 
"LUN Access Management Table" is quite similar, in structure and use, to the access table 
referred to in the first element of claim 1 and described in the current application, with the 
exception that Ito provides aliases, or synonyms, for the physical LUN in each of Ito's LUN- 
Access-Management-Table entry. However, nowhere in Ito, or in the Examiner's summaries, 
are CDLUNs mentioned, nowhere in Ito is there mention of any kind of table that authorizes 


access of LUNs of the storage subsystem by other LUNs of the storage system, and nowhere 
in Ito is there a description or suggestion of a two-part access authorization involving two 
different tables containing access-authorization information. The Examinees conclusory 
statement, in the first paragraph on page 4 of the Examiner's Answer, does not follow from 
anything disclosed in Ito or anything stated in the Examiner's summaries. Similarly, the 
second conclusory statement in the last, incomplete paragraph of page 4 of the Examiner's 
Answer and the first two lines of page 5 of the Examiner's Answer does not follow from 
either Ito or the Examiner's essentially accurate summary of Ito. Ito does not discuss, 
mention, or suggest a supplemental access table, each entry of which authorizes access of 
LUNs of Ito f s storage subsystem by other LUNs of Ito's storage subsystem. 

The term "control device logical unit" ("CDLUN") is a term of art well known 
to those skilled in the art of designing and manufacturing fiber-channel-connected storage 
subsystems, such as the disk arrays and other, similar mass-storage devices discussed in the 
current application and the storage subsystem discussed in Ito. Beginning on line 10 of page 
5 of the current application, CDLUNs are described as follows: 

To reconcile the fact that a number of operations provided to a requesting 
remote computer by a disk array controller may involve multiple LUNs to the 
fact that, in general, in invoking any particular operation during many current 
disk array controller interfaces, a remote computer must specify a single target 
LUN, a type of virtual LUN known as a control-device LUN ("CDLUN") is 
provided by disk array controllers as part of the interface through which 
remote computers invoke operations. CDLUNs are essentially points of 
access to various operations provided by, and carried out by, a disk array 
controller. (Emphasis added) 

CDLUNs are additionally discussed in the Request for Reinstatement of the Appeal, filed 
February 17, 2006, and in the original Appeal Brief, filed July 28, 2005. 

As clearly stated in the current application, a CDLUN does not correspond to a 
physical LUN, but instead provides a means for host computers to direct multi-LUN 
operations and other administrative operations to a disk array or other mass-storage device. 
CDLUNs are well known in disk arrays and storage subsystems, and are well defined in the 
current application. 

It is apparent, from the Examiner's comments in section (10) of the Examiner's 
Answer, that the Examiner has rather arbitrarily decided that Applicant's clearly defined and 
well-known claim term CDLUN, or control device logical unit, is equivalent to Ito's virtual 
LUN. However, as even the Examiner admits in the final paragraph of page 3 of the 


Examiner's Answer, Ito's virtual LUN is simply an alias, or synonym, for a physical LUN. 
As clearly shown in Figure 16 of Ito, as described by the Examiner in the final paragraph of 
page 3 of the Examiner's Answer, and as well described throughout Ito, including in the 
paragraph beginning on line 17 of column 12, there is a one-to-one mapping between virtual 
LUNs and real LUNs in Ito's storage subsystem. Ito employs virtual LUNs, essentially 
aliases for physical LUNs, in order to not expose physical LUN numbers to host computers. 
Ito's virtual LUNs have absolutely nothing whatsoever to do with control device logical units, 
or CDLUNs. Ito does not teach, mention, or suggest that Ito's virtual LUNs bear any 
resemblance or connection with CDLUNS, and Ito does not once use the term CDLUN or the 
equivalent phrase "control device logical unit." CDLUNs do not correspond to physical 
LUNs, as discussed in the above-quoted paragraph in the current application, and as well 
known to anyone familiar with modern disk arrays and storage subsystems. The CDLUN is 
merely a means to allow a host computer to specify certain types of operations, often 
involving either multiple physical LUNs or no LUNs, to a disk array or storage subsystem 
that expects each request to contain an indication of a LUN. Because the term "CDLUN" or 
"control device logical unit" is standard, well-known terminology, because Ito does not once 
use this term, or provide any kind of suggestion for a virtual LUN equivalent to a CDLUN, it 
is abundantly clear that Ito does not include any disclosure directed or related to CDLUNs. 
Ito's virtual LUNs are simply aliases or synonyms for physical LUNs. For this reason alone, 
Ito cannot possible anticipate either of independent claims 1 and 6, which specifically and 
repeatedly mention control device logical units, as emphasized by italicization and holding in 
the above-provided claims 1 and 6.. 

On page 6 of the Examiner's Answer, the Examiner states: 

It is not clear how appellant derived the conclusion that Ito does not disclose "both 
LUNs and CDLUNs" due to "a strict, one-to-one mapping between LUNs and virtual 
LUNs." Additionally, the examiner points out that the claim language does not 
include a limitation that would preclude one-to-one mapping between LUNs and 
CDLUNs. In fact, claim 1 clearly discloses limitation permitting a single mapping of 
LUN and CDLUN (". . . when a remote entity requests execution of an operation 
directed to a specific control device logical unit and involving one or more additional 
specified logical units . . ."). 

In Appellant's respectfully offered opinion, the Examiner has missed the point of Appellants' 
argument. Appellants do not argue that Ito does not disclose "both LUNs and CDLUNs" due 
to a "strict, one-to-one mapping between LUNs and virtual LUNs." Instead, Appellant points 
out that a CDLUN is not a physical LUN. A CDLUN is simply a numeric specification of an 


operation carried out by a disk array, storage subsystem, or other mass-storage device. 
Appellants' representative has pointed out the one-to-one mapping between LUNs and virtual 
LUNs in Ito to show that, in Ito, a virtual LUN is equivalent to a physical LUN. It is simply 
another numeric designation for a physical LUN, or, as commonly described in computing, 
an alias or synonym for a physical LUN. Ito's virtual LUNs do not represent operations 
carried out by Ito's storage subsystem. Again, a CDLUN is not a physical LUN. By contrast, 
virtual LUNs in Ito are physical LUNs. 

On page 6 of the Examiner's Answer, the Examiner further states: 

Furthermore, the claim language does not include the limitation: 'CDLUN is 
used by remote host computers as a single target, or single numerical value, to 
represent controller functionality involving multiple LUNs.' Appellant is 
reminded that although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. 

Appellant's representative frequently encounters such statements in Office Actions. Using a 
well-known term in the art that is additionally well-defined in an application, and insisting 
that the well-known and well-defined term be accorded its well-known and well-defined 
meaning, does not have anything to do with importing limitations from the specification. If 
the claim drafter cannot rely on well-known and well-defined terms to be interpreted 
according to their well-known and well-defined meanings, and, instead, the claim drafter 
would be required to precisely define all such terms in the claims, rather than in the 
specification, then there would essentially be no reason to include a specification separate 
from the claims, and claims would run from tens to hundreds of pages in length. The 
Examiner is not permitted to arbitrarily redefine well-known and well-defined claim terms in 
order to read claims onto essentially unrelated disclosures in cited references. The 
prohibition of importation of limitations from the specification is absolutely irrelevant to the 
question of whether or not the Examiner can read the well-known and well-defined term 
CDLUN onto Ito's alias for a physical LUN, which Ito refers to as "virtual LUN." Because 
CDLUNs are not aliases for physical LUNs, but instead specify operations carried out by disk 
arrays and storage subsystems, because the term CDLUN is well-known in the art, and 
because the term CDLUN and the equivalent phrase "control device logical unit" are well 
defined in the current application, the Examiner cannot read the well-known and well-defined 
term CDLUN onto Ito's completely unrelated phrase "virtual LUN." 

In Philips v. AWH, decided on July 12, 2005 by the Federal Circuit, an 
extensive review of claim interpretation is provided. In Phillips, the Court states: 


We have frequently stated that the words of a claim "are generally given their 
ordinary and customary meaning." Vitronics, 90 F.3d at 1582 ... We have made 
clear, moreover, that the ordinary and customary meaning of a claim term is the 
meaning that the term would have to a person of ordinary skill in the art in question at 
the time of the invention ... Importantly, the person of ordinary skill in the art is 
deemed to read the claim term not only in the context of the particular claim in which 
the disputed term appears, but in the context of the entire patent, including the 
specification. ... Because the meaning of a claim term as understood by persons of 
skill in the art is often not immediately apparent, and because patentees frequently use 
terms idiosyncratically, the court looks to "those sources available to the public that 
show what a person of skill in the art would have understood disputed claim language 
to mean." . . . Quite apart from the written description and the prosecution history, the 
claims themselves provide substantial guidance as to the meaning of particular claim 
terms. ... The claims, of course, do not stand alone. Rather, they are part of "a fully 
integrated written instrument," Markman, 52 F.3d at 978, consisting principally of a 
specification that concludes with the claims. For that reason, claims "must be read in 
view of the specification, of which they are part." ... On numerous occasions since 
then, we have affirmed that point, stating that "[t]he best source for understanding a 
technical term is the specification from which it arose ... Consistent with that general 
principle, our cases recognize that the specification may reveal a special definition 
given to the claim term by the patentee that differs from the meaning it would 
otherwise possess. 

In other words, it is clear that the term CDLUN and the equivalent phrase "control device 
logical unit" cannot be read on Ito's phrase "virtual LUN," since Ito's phrase "virtual LUN" 
means an alias or synonym for a physical LUN, and the term CDLUN and the equivalent 
phrase "control device logical unit" are defined, in the current application, to mean an 
operation carried out by a disk array or other mass storage device on multiple LUNs, or an 
operation not related to any particular LUN. 

On page 8 of the Examiner's Answer, the Examiner attempts to justify reading 
the claim language "access table" and the claim language "supplemental access table" onto a 
single table, the "LUN access management table" disclosed by Ito. These arguments make no 
sense, from either a technical viewpoint or from basic principles of claim interpretation. 
When a claim drafter uses two different terms in a claim, it is assumed that the two different 
terms refer to two different features, entities, or steps. Otherwise, the claim would be 
inherently ambiguous. In claims 1 and 6, Appellant clearly claims both an "access table" and 
a "supplemental access table." Thus, claims 1 and 6 clearly claim two different tables. One 
table, the access table, is essentially equivalent to Ito's "LUN access management table." 
Both tables include entries that each authorizes a particular host computer to access a 
particular LUN provided by a disk array or storage subsystem. In Ito's case, the table 
includes an additional field that represents an alias for the LUN. However, as clearly 


described throughout Ito, Ito's "LUN Access Management Table" serves the identical 
purposes as the access table claimed in claims 1 and 6 and clearly described in the current 
application. The "supplemental access table," clearly claimed in claims 1 and 6, is a different 
table distinct from the access table. As clearly claimed in claims 1 and 6, and as clearly 
described in the current application, the supplemental access table contains entries that each 
authorize access, by CDLUNs, to LUNs provided by the disk array or storage subsystem. Ito 
simply does not teach, mention, or suggest anything equivalent to, or even remotely related 
to, the currently claimed supplemental access table. Ito makes no mention of any kind of 
authorization of access to LUNs by internal operations provided by Ito's storage subsystem. 
As discussed above, Ito does not once teach, mention, or suggest any feature or entity related 
to CDLUNs. The LUN and virtual LUN in Ito's "LUN access management table" refer to the 
same, identical physical LUN. It makes no sense for the Examiner to suggest that these two 
fields represent authorization of access by one LUN to another, since both represent the same 
physical LUN. Ito does not mention any kind of two-part authorization process for 
authorizing host computer access to a CDLUN, and separately authorizing access by the 
CDLUN to a number of additional LUNs. Ito is entirely and completely unrelated to the 
subject matter to which independent claims 1 and 6, and claims 2-4 and 7-10 that depend 
from them, are directed. 

CONCLUSION 

As discussed above, Ito is unrelated to the currently claimed subject matter. 
Ito does not teach, mention, or suggest the currently claimed supplemental access table, and 
Ito does not teach, mention, or suggest any kind of two-part authorization in which an access 
table is first consulted to authorize access by a host computer of a CDLUN provided by a 
disk array or storage subsystem, and then a supplemental access table is separately consulted 
to separately authorize access by the CDLUN to additional, separately specified LUNs 
provided by the disk array or storage subsystem. Because Ito is entirely and completely 
unrelated to the claimed subject matter, and because the Examiner has withdrawn all former 
rejections other than the 35 U.S.C. §102(e) rejections based on Ito, Appellant's representative 
can see no point in returning to prosecution. While Appellant's representative acknowledges 
that Ito is at least concerned with storage subsystems, and not directed to completely different 
technical art, as were the cited references in the withdrawn rejections, Ito is, nonetheless, 
unrelated to the currently claimed subject matter, and Appellant's representative respectfully 
argues that it would be unfair for Appellant to waste further time and expense in prosecution. 


Therefore, Appellant respectfully requests that the appeal be maintained. The Examiner has 
had ample time to either allow the current claims or to provide a reasonable rejection of the 
claims, but has failed to do either. A 35 U.S.C. § 102 anticipation rejection of claims based 
on a reference that does not teach, mention, or suggest a large number of terms, phrases, and 
method steps clearly recited in the claims, including CDLUN, a supplemental access table, 
and a two-part authorization process that uses both and access table and a supplemental 
access table, is not reasonable, in Appellants" representative's respectfully offered opinion. 


Applicants respectfully submit that all statutory requirements are met and that 


the present application is allowable over all the references of record. Therefore, Applicants 
respectfully requests that the present application be passed to issue. 
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CLAIMS APPENDIX 

1 . A method for authorizing access by remote entities to logical units provided 
by a mass storage device comprising: 

providing an access table that includes entries that each represents 
authorization of a particular remote entity to access a particular logical unit; 

providing a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

when a remote entity requests execution of an operation directed to a specified 
control device logical unit and involving one or more additional specified logical units, 

authorizing the request for execution of the operation only when an 
entry currently exists in the access table that represents authorization of the remote entity to 
access the specified control device logical unit and, for each of the one or more additional 
specified logical units, an entry exists in the supplemental access table that represents 
authorization of the specified control device logical unit to access the additional specified 
logical unit. 

2. The method of claim 1 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein authorizing a request for 
execution is carried out by a controller within the mass storage device. 

3. The method of claim 2 wherein the access table includes entries each 
comprising: 

an indication of a logical unit or control device logical unit; 
an indication of a port; and 
an indication of a remote entity. 

4. The method of claim 2 wherein the supplemental access table includes entries 
each comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 



5. The method of claim 2 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 

6. An authorization system for authorizing access by remote entities to logical 
units provided by a mass storage device comprising: 

a request detecting component that detects requests for execution of an 
operation generated by a remote entity; 

an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; 

a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

control logic that authorizes a request made by a remote entity, detected by the 
request detecting component, directed to a specified control device logical unit and involving 
one or more additional specified logical units only when an entry exists in the access table 
that represents authorization of the remote entity to access the specified control device logical 
unit and, for each of the one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the specified control device logical 
unit to access the additional specified logical unit. 

7. The system of claim 6 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein the control logic resides within 
the mass storage device. 

8. The system of claim 7 wherein the access table includes entries each 
comprising: 

an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 


9. The system of claim 7 wherein the supplemental access table includes entries 
each comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 

10. The system of claim 7 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 
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